Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016
/etc/pf.conf
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
block all
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_services
NOTE: Default to deny, enable only the stuff we need
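Added example (not from the original slides): a small Python model of how this ruleset is evaluated, with `block all` as the baseline and the last matching rule deciding. It handles only the rule forms shown above, embeds a constructed service-name table, and ignores state tracking; `parse` and `verdict` are illustrative names.

```python
import re

# Constructed copy of the slide's /etc/pf.conf.
PF_CONF = """\
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
block all
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_services
"""

# PF resolves service names via /etc/services; this subset is embedded here.
SERVICES = {"ssh": 22, "smtp": 25, "domain": 53, "www": 80,
            "pop3": 110, "auth": 113, "pop3s": 995}

MACRO = re.compile(r'^(\w+)\s*=\s*"(.*)"$')
# Only the slide's shapes: "block all", "pass [in|out] proto P to any port LIST".
RULE = re.compile(r"^(block|pass)(?:\s+(in|out))?"
                  r"(?:\s+all|\s+proto\s+(\w+)\s+to\s+any\s+port\s+(.+))?$")

def parse(text):
    """Expand macros and return rules as (action, direction, proto, ports)."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        line = re.sub(r"\$(\w+)", lambda v: macros[v.group(1)], line)
        m = RULE.match(line)
        if not m:
            raise ValueError(f"rule form not modelled: {line}")
        action, direction, proto, ports = m.groups()
        if ports is not None:
            ports = {SERVICES[name] for name in re.findall(r"\w+", ports)}
        rules.append((action, direction, proto, ports))
    return rules

def verdict(rules, direction, proto, dport):
    """Fate of a connection's first packet; state tracking is not modelled."""
    result = "pass"  # PF passes a packet that matches no rule at all
    for action, rdir, rproto, ports in rules:
        if (rdir in (None, direction) and rproto in (None, proto)
                and (ports is None or dport in ports)):
            result = action  # no 'quick' here, so the last match wins
    return result
```

`verdict(parse(PF_CONF), "in", "tcp", 22)` returns `"block"`, while `verdict(parse(PF_CONF), "in", "udp", 53)` returns `"pass"` because the UDP rule carries no direction.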
- load your new rules
$ sudo pfctl -f /etc/pf.conf
for syntax check only:
$ sudo pfctl -nf /etc/pf.conf
Note: only valid rule sets load; flushing rarely makes sense